diff --git a/scripts/verify-sign.ps1 b/scripts/verify-sign.ps1 index 6a3673da07..65dd978d31 100644 --- a/scripts/verify-sign.ps1 +++ b/scripts/verify-sign.ps1 @@ -45,6 +45,9 @@ function Verify-Assemblies if ($signature.SignerCertificate.Subject -eq "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") { Write-Log "Valid: $($_.FullName)" } + elseif ($signature.SignerCertificate.Subject -eq "CN=Microsoft 3rd Party Application Component, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") { + Write-Log "Valid (3rd Party): $($_.FullName)" + } else { # For legacy components, sign certificate is always "prod" signature. Skip such binaries. if ($signature.SignerCertificate.Thumbprint -eq "98ED99A67886D020C564923B7DF25E9AC019DF26") { @@ -74,6 +77,10 @@ function Verify-Assemblies elseif ($signature.SignerCertificate.Thumbprint -eq "709133ECC53CBF386F4A5ECB782AEEF499F0F8CA") { Write-Log "Valid (Prod Signed): $($_.FullName)." } + # Microsoft 3rd Party Application Component + elseif ($signature.SignerCertificate.Thumbprint -eq "912357a68d29b8fe17168ef8c44d6830d1d42801") { + Write-Log "Valid (Prod Signed): $($_.FullName)." + } else { Write-FailLog "Incorrect certificate. File: $($_.FullName). Certificate: $($signature.SignerCertificate.Thumbprint)." } @@ -107,8 +114,9 @@ function Verify-NugetPackages $artifactsDirectory = Join-Path $env:TP_OUT_DIR $TPB_Configuration $packagesDirectory = Join-Path $artifactsDirectory "packages" + Get-ChildItem -Filter *.nupkg $packagesDirectory | % { - & $nugetInstallPath verify -signature -CertificateFingerprint 3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE $_.FullName + & $nugetInstallPath verify -signature -CertificateFingerprint "3F9001EA83C560D712C24CF213C3D312CB3BFF51EE89435D3430BD06B5D0EECE;AA12DA22A49BCE7D5C1AE64CC1F3D892F150DA76140F210ABD2CBFFCA2C18A27;" $_.FullName } Write-Log "Verify-NugetPackages: Complete"